QUESTION 11Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. The computer account for Server1 is in organizational unit (OU) named OU1.You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.You need to add a domain user named User1 to the local Administrators group on Server1.Solution: From the Computer Configuration node of GPO1, you configure the Local Users and Groups preference.Does this meet the goal?

A. YesB. No

Answer: A

QUESTION 12You network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA) named CA1.You have a test environment that is isolated physically from the corporate network and the Internet.You deploy a web server to the test environment. On CA1, you duplicate the Web Server template, and you name the template Web_Cert_Test.For the web server, you need to request a certificate that does not contain the revocation information of CA1.What should you do first?

A. From the properties of CA1, allow certificates to be published to the file system.B. From the properties of CA1, select Restrict enrollment agents, and then add Web_Cert_Test to the restricted enrollment agent.C. From the properties of Web_Cert_Test, assign the Enroll permission to the guest account.D. From the properties of Web_Cert_Test, set the Compatibility setting of CA1 to Windows Server 2016.

Answer: D

QUESTION 13Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.Your network contains an Active Directory domain named contoso.com. The domain contains 5,000 user accounts.You have a Group Policy object (GPO) named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers organizational unit (OU).You need to force users to change their account password at least every 30 days.What should you do?

QUESTION 14Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You network contains an Active Directory forest named contoso.com.The forest contains an Active Directory Rights Management Services (AD RMS) deployment.Your company establishes a partnership with another company named Fabrikam, Inc. The network of Fabrikam contains an Active Directory forest named fabrikam.com and an AD RMS deployment.You need to ensure that the users in contoso.com can access rights protected documents sent by the users in fabrikam.com.Solution: From AD RMS in fabrikam.com, you configure contoso.com as a trusted publisher domain.Does this meet the goal?

A. YesB. No

Answer: BExplanation:Contoso needs to trust Fabrikam.

QUESTION 15Note: This question is part of a series of questions that use the same scenario. For you convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.Start of repeated scenario.You work for a company named Contoso, Ltd.The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.The contoso.com forest contains the objects configured as shown in the following table.Group1 and Group2 contain only user accounts.Contoso hires a new remote user named User3. User3 will work from home and will use a computer named Computer3 that runs Windows 10. Computer3 is currently in a workgroup.An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain.From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the contoso.com domain, and then you create a contact named Contact1 in OU1.An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a user logon name of User1@litwareinc.com.End of repeated scenario.You need to ensure that User2 can add Group4 as a member of Group5.What should you modify?

A. the group scope of Group5B. the Managed By settings of Group4C. the group scope of Group4D. the Managed By settings of Group5

Answer: D

QUESTION 16Your network contains an enterprise root certification authority (CA) named CA1.Multiple computers on the network successfully enroll for certificates that will expire in one year. The certificates are based on a template named Secure_Computer. The template uses schema version 2.You need to ensure that new certificates based on Secure_Computer are valid for three years.What should you do?

A. Modify the Validity period for the certificate template.B. Instruct users to request certificates by running the certreq.exe command.C. Instruct users to request certificates by using the Certificates console.D. Modify the Validity period for the root CA certificate.

Answer: A

QUESTION 17Your network contains an Active Directory forest named contoso.com. The forest contains three domains named contoso.com, corp.contoso.com, and ext.contoso.com. The forest contains three Active Directory sites named Site1, Site2, and Site3.You have the three administrators as described in the following table.You create a Group Policy object (GPO) named GPO1.Which administrator or administrators can link GPO1 to Site2?

QUESTION 18Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.Your network contains an Active Directory domain named contoso.com. The domain contains 5,000 user accounts.You have a Group Policy object (GPO) named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers organizational unit (OU).You need to use the application control policy settings to prevent several applications from running on the network.What should you do?

QUESTION 19Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.Start of repeated scenario.You work for a company named Contoso, Ltd.The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.The contoso.com forest contains the objects configured as shown in the following table.Group1 and Group2 contain only user accounts.Contoso hires a new remote user named User3. User3 will work from home and will use a computer named Computer3 that runs Windows 10. Computer3 is currently in a workgroup.An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain.From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the contoso.com domain, and then you create a contact named Contact1 in OU1.An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a user logon name of User1@litwareinc.com.End or repeated scenario.You need to ensure that Admin1 can add Group2 as a member of Group3.What should you modify?

A. Modify the Security settings of Group3.B. Modify the group scope of Group3.C. Modify the group type of Group3.D. Set Admin1 as the manager of Group3.

Answer: B

QUESTION 20Your network contains an Active Directory forest named contoso.com.A partner company has a forest named fabrikam.com. Each forest contains one domain.You need to provide access for a group named Research in fabrikam.com to resources in contoso.com. The solution must use the principle of least privilege.What should you do?